International Journal of Scientific & Engineering Research, Volume 12, Issue 4, April-2021 609
ISSN 2229-5518
IJSER © 2021
http://www.ijser.org
P2P Botnet Detection Using Machine Learning Algorithm: The Tools
Blessing Iduh, Raphael Okonkwo, Obiajulu Ositanwosu, Obinna Iwegbuna
Abstract— Creating Botnet detection systems has become very imperative, due to the continued creation of newer Botnet toolkits by cyber criminals. A Botnet is a network of compromised computerized devices that are connected to a central controller called a Botmaster. These devices are usually used to carry out malicious activities like identity theft, sending of spam mails, DOS attacks and other damaging acts without the knowledge of the actual owner of the device. Botnet detection using advanced techniques has become very necessary as Botmasters continue to devise new means of attack. This paper therefore presents some relevant tools and procedures involved in creating a Botnet detection system, and how to apply these tools using machine learning algorithms. Some of the tools presented in this work include Scikit-learn, Pandas, Theano, Keras, Matplotlib, Pickle, NumPy and TensorFlow, amongst others. This paper also shows the steps involved in applying these tools.
Index Terms— Botnet, Botmaster, Botnet Detection, Machine Learning, Cyber Security, C&C Channel, P2P, Decision Tree Classifier
1 INTRODUCTION
Botnets have in recent times become a very major challenge in cyberspace. The word Botnet, according to [1], is a combination of the words roBot and NETwork. It is used to describe a group of compromised computer systems that are usually connected to a central controller called a Botmaster. The Botmaster uses command and control channels to manipulate these infected computers. The difference between Botnets and other malware, according to [2], is the use of command and control (C&C) channels by Botnets. The C&C channel allows Bots to receive commands and perform malicious activities. A single infected system is known as a Bot, while a network of infected devices is referred to as a Botnet. Botnets are created by the Botmaster as a communication infrastructure to perform malicious activities like email spamming, click fraud, identity theft, phishing attacks, denial of service attacks, information theft and distributed denial of service attacks. Systems that are connected to the internet have the chance of getting infected and becoming part of a Botnet. According to [3], in their Survey of HTTP Botnet, a Botnet was described as a group of cooperating computers which are remotely controlled by hackers to launch various network attacks, such as DDoS attacks, junk mail, click fraud, identity theft and information phishing. [4], in their Overview of Peer-to-Peer Botnets, noted that Botnets have recently been identified as one of the most important threats to the security of the Internet.

In the work of [5], they explained that Botnets have five states in their life cycle: the injection state, where the malware gets into the host system, which is achieved when the host downloads the malware through e-mail, trojan software and click fraud techniques (the user of the system innocently clicks on these items and a download and infection is initiated); the connection state, where the Bot is made to connect with the Command & Control (C&C) server; the third state being the waiting state, where the Bot waits for the request from its master; the execution state, where the received request is performed or treated by the Bot; and finally, the maintenance and upgrading state, where the Botmaster upgrades their attacking techniques in order to bypass any detection method. A user can get infected by visiting an infected site or accessing resources from such sites. Also, an infected system on a network can infect other systems on that same network.

Botnets have continued to pose serious threats to society, including private and government organizations, national infrastructure and the general internet community. Botnet detection involves the identification of Bots in the machine or network so that they can be managed. In recent years Botnet detection has been a hot topic in the research community due to the increase in malicious activity. According to [6], the key features and characteristics of Bots are considered a critical step when dealing with Botnet detection.
2 LITERATURE REVIEW
Several researchers like [7], [8], [9] have worked on Botnet detection and management. In general, two major approaches exist for detection of Botnets: the signature-based and anomaly-based detection methods. Researchers like [10] and [11], among others, have studied signature-based detection and their results are applicable for known Bots. In their approach, every packet is monitored and compared to the pre-configured signatures and attack patterns in the database. Even though their approach can detect some Botnets, the signature database needs to always be updated to detect the
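To make the contrast between the two approaches concrete, the following added example (not code from the paper or its authors) runs a signature lookup and a simple behavioural check over constructed flow records. The signature database knows only one bot pattern, so a renamed variant slips past it, while the beaconing check, which looks at the near-constant contact interval to the C&C peer rather than the payload, flags both infected hosts and leaves the benign browser alone. Host addresses, ports, payload markers and the jitter threshold are all invented for the illustration.

```python
"""Added example: signature-based versus behavioural detection on constructed flows."""
from statistics import pstdev

# Constructed sample records: (src_host, dst_host, dst_port, payload_marker, timestamp_s)
# payload_marker stands in for the byte pattern a packet signature would match.
FLOWS = [
    ("10.0.0.5", "203.0.113.9", 6667, "NICK botv1_", 0),     # known bot, beacons every 60 s
    ("10.0.0.5", "203.0.113.9", 6667, "NICK botv1_", 60),
    ("10.0.0.5", "203.0.113.9", 6667, "NICK botv1_", 120),
    ("10.0.0.7", "198.51.100.4", 8443, "NICK botv2_", 0),    # renamed variant, same behaviour
    ("10.0.0.7", "198.51.100.4", 8443, "NICK botv2_", 60),
    ("10.0.0.7", "198.51.100.4", 8443, "NICK botv2_", 120),
    ("10.0.0.9", "192.0.2.10", 443, "GET /index", 0),        # benign, irregular browsing
    ("10.0.0.9", "192.0.2.10", 443, "GET /news", 37),
    ("10.0.0.9", "192.0.2.10", 443, "GET /img", 41),
]

# Pre-configured signature database: only the v1 pattern has been added so far.
SIGNATURES = {"botv1_"}


def signature_hits(flows, signatures):
    """Signature-based: report hosts whose payload contains a known pattern."""
    return {src for src, _, _, marker, _ in flows
            if any(sig in marker for sig in signatures)}


def beaconing_hosts(flows, min_flows=3, max_jitter=5.0):
    """Behavioural: report hosts that contact one peer at near-constant intervals.

    Groups flows by (src, dst, port), computes the gaps between successive
    contacts and flags the source when the gaps barely vary (low jitter).
    """
    by_pair = {}
    for src, dst, port, _, ts in flows:
        by_pair.setdefault((src, dst, port), []).append(ts)
    flagged = set()
    for (src, _, _), times in by_pair.items():
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        if len(times) >= min_flows and pstdev(gaps) <= max_jitter:
            flagged.add(src)
    return flagged


if __name__ == "__main__":
    print("signature hits:", sorted(signature_hits(FLOWS, SIGNATURES)))   # only 10.0.0.5
    print("beaconing hosts:", sorted(beaconing_hosts(FLOWS)))             # 10.0.0.5 and 10.0.0.7
```

The variant on 10.0.0.7 is missed until someone adds "botv2_" to the database, which is exactly the maintenance burden the paragraph describes; the interval-based check needs no such update.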
Blessing Iduh is currently pursuing a PhD degree program in Data Communication and Networking at Nnamdi Azikiwe University, Awka, Anambra State, Nigeria. E-mail: bn.iduh@unizik.edu.ng
Raphael Okonkwo is currently a Professor of Computer Science, Nnamdi Azikiwe University, Awka, Anambra State, Nigeria. E-mail: ro.okonkwo@unizik.edu.ng
Ositanwosu Obiajulu is currently pursuing a PhD degree program in Information Technology, Machine Learning and IoT at South China University, Guangzhou, PR China. E-mail: oe.ositanwosu@unizik.edu.ng
Obinna Iwegbuna is currently pursuing a PhD degree program in Information Technology at Ebonyi State University, Ebonyi State, Nigeria. E-mail: @unizik.edu.ng